#cisa20251024 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cisa20251024, aggregated by home.social.
-
🚨 [CISA-2025:1024] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2025:1024)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-54236 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54236)
- Name: Adobe Commerce and Magento Improper Input Validation Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Commerce and Magento
- Notes: https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236
⚠️ CVE-2025-59287 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-59287)
- Name: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59287
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20251024 #cisa20251024 #cve_2025_54236 #cve_2025_59287 #cve202554236 #cve202559287